[2023Q3] Cost of Consensus Security: Hardware

Authors

Irene

Creator

Irene

Created

Aug 22, 2023 7:36 AM

Project

Protocol Security

Stage

Graduated from Notebook

@Irene, August 2023

• Intro and Result Recap
• Analysis
• Cost of “bribing SPs”
• Cost of “buying sectors”
• Cost of “adding new sectors”
• Comments and Extras

Intro and Result Recap

We consider different strategies for getting to control the 33%:

1. “Bribing SPs”: the attacker convinces existing SPs in the network to run its software for block production for at least 24h, virtually controlling 33% of the power.
2. “Buying sectors”: the attacker convinces existing SPs in the network to sell their sectors until it gets to control 33% of the power.
3. “Adding new sectors”: the attacker is a valid SP in the network and adds sectors in such a way that in a short period, its consensus power reaches the 33% share

The recap of the estimated (lower bounds of) the costs of these strategies is in the table below, the analysis about how we got to these numbers is in the next section.

Analysis

The goal is to estimate the cost of these strategies, and the first cost that we want to calculate is the HW cost of storing the sectors (HDD cost).

HDD cost for storing 33% of the QAP for 24h:

• Considering only 32GiB sectors
• Storage cost is SC = $0.000715 per day (reference: https://observablehq.com/@protocol/costs-storage)
• 33% of consensus power = 33% of NetworkQAP
• (august 2023) 33% of 23EiB = 7.6 EiB of QAP.
• How many sectors for 7.6 EiB of QAP?
• Let N be the number of sectors, N depends on the fraction y of the sectors that are with (verified) deals,
• y*N*10 + (1-y)*N *32GiB = 0.33*QAP ⇒ N = 0.33 *QAP / (32GiB *(9y+1))
• (y = 0) All are CC sectors, then N = 7.6 EiB / 32GIB = 2.55 10^8 sectors,
• (y = 1) All are with deals, then N = 7.6 EiB / 320GIB = 2.55 10^7 sectors
• Note that today (10th aug 2023) we have 1.3 EiB/32GiB = 4.36 10^7 sectors with verified deals, which represents ~12% of the total sectors .
• So the HDDCost is in the range [$18k, $184k], and we can consider as realist value the one we get for y = 0.12
• ⇒ HDDCost = ⅓ QAP/ (2.08 *32GiB) *SC = $88.4k

How much hardware is needed for ‘good’ network security?

• The per EiB cost of 24h HDD security is SC * (1/3) * SectorsPerEiB = $8k.
• SectorsPerEiB = (1024**6) / (32 * 1024**3) = 33,554,432.
• To get to $1B HDD security requires 125,000EiB in RBP.
• Or for the network to be $1B/$88k= 11,346x larger.

If the RBP network grows, but the locked collateral shrinks, what’s the net effect on security?

Cost of “bribing SPs”

• Estimating the cost of this strategy is not easy since the “price” of bribing may depend on the different SP behaviors. We think that a lower bound for this is considering the HDD cost computed above.
• TODO: add private key bribing - or assume private key is at facility

Cost of “buying sectors”

• In this case, we consider the HDD cost plus the cost of paying to the SP the future earning (block rewards) and finally plus the cost of buying the storage pledge.
• Future earnings (per sector):
• Assume the adversary buys sector with a remaining life of 6 months (on average)
• Per sector:
• 180*BR*, with BR = sector block reward in a day
• SectorBlockReward =EpochReward *SectorQAP/NetworkQAP (per epoch)
• To get to 33% of QAP:
• Cost = (180*EpochPerDay*EpochReward*0.33)*FILPrice
• EpochReward of today is 13FIL, but will go down in the future (see Figure 4A here)
• Assume the attack is performed is Q22024, the we consider a EpochReward of 11FIL
• 180 * 2880 * 11FIL * 0.33 * $4 ~$7.5M
• TODO: better estimate the remaining life!
• Storage pledge:
• Per sector:
• SectorInitialStoragePledge(t) =Estimated 20DaysSectorBlockReward
• SectorBlockReward =EpochReward *SectorQAP/NetworkQAP
• To get to 33% of QAP:
• 20 * EpochPerDay * EpochReward * 0.33 (ie, 20x the reward for 33% of the QAP)
• Epoch reward was higher in the past, so if we consider today value we get a lower bound
• StoragePledgeCost = 20 * 2880 * EpochReward* 0.33 * FilPrice
• 20 * 2880 * 13FIL * 0.33 * $4 = ~$1M

Cost of “adding new sectors”

• How much RBP you need to add to get to 33% of QAP (assuming you add only sectors with verified deals)?
• x is the fraction of existing RBP is with deals,
• QAP = RBP (1-x) + 10*RBP*x
• y is the fraction of RBP (all with 10x power) to be added to get to 33% of QAP
• 1/3 = (10*y*RBP)/NewQAP
• 1/3 = 10*y/ [ (1-x) + 10*x + 10*y)]
• y = 1- x +10x/20

• y*RBP = QAP/20 → 23EiB/20 = 1.15EiB
• Here we need to consider the cost of sealing (performing PC1)
• Per sector: with the latest Supranational improvement, that is around $0.04 per 32GiB sector
• To get to 33% of new QAP:
• 1.15EiB / 32GiB * $0.04 ~$1.54M
• And the gas cost from ProveCommitSector/ProveCommitAggregate
• Resource:https://observablehq.com/@protocol/costs-gas?collection=@protocol/costs
• Per sector (min, using no batching): 0.016
• To get to 33% of new QAP:
• 1.15EiB / 32GiB * 0.016 * $4 ~$2.47M
• TODO:
• Consider a ration for verified deals on the new power
• Correlate onboard with gas price history (consider a discount since we are making gas cheaper)
• Rate limits
• Cost of gas (primarily PSD)
• FIL+

Comments and Extras

Other attacks

• Shut down facilities

Additional risks

• Renting storage

Other models:

• Include the revenue of the attack!

Consensus Pledge for security:  https://www.notion.so/pl-strflt/QAP-pricing-and-consensus-security-d9374ec5b68244c6b50fcb8c16ec113c

Past docs:

Red Team: Cost of Consensus Security